CVE-2026-21767 MEDIUM

CVE-2026-21767: HCL BigFix Platform is affected by insufficient authentication

Vendor Hclsoftware
Product BigFix Platform
Weakness CWE-306 · Missing auth
Published April 1, 2026
Last update April 2, 2026

CVSS base score

4.0/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

HCL BigFix Platform is affected by insufficient authentication.  The application might allow users to access sensitive areas of the application without proper authentication.

Key dates

02Disclosure timeline

April 1, 2026 CVE published
April 2, 2026 Record updated